REMARKS

Claims 1, 6, 7, 10, 11, 14, 17 and 20 were pending. Claims 2-5, 
8, 9, 12, 13, 15, 16, 18 and 19 were previously canceled, without 
prejudice or disclaimer. By this Amendment, new dependent claims 
21 and 22 have been added. New dependent claims 21 and 22 
clarify the claimed invention of claim 1, without narrowing the 
scope of the claimed invention and without introducing new 
issues. Accordingly, claims 1, 6, 7, 10, 11, 14, 17 and 20-22
are now pending, with claims 1, 6, 7, 14, 17 and 20 in 
independent form. 

Applicant maintains that no new matter is introduced by this 
Amendment. Support for the claim amendments may be found in the 
application at, for example, page 5, lines 2-7, page 6, lines 8-11,
and page 8, lines 13-17. Accordingly, Applicant respectfully
requests that this Amendment be entered. 

Rejection Under 35 U.S.C. §103(a)

On page 3 of the January 25, 2005 final Office Action, claims 1,
6, 7, 10, 11, 15, 17 and 20 were rejected under 35 U.S.C. §103(a)
as allegedly unpatentable over U.S. Patent No. 6,339,423 to
Sampson et al. in view of U.S. Patent No. 6,032,260 to Sasmazel
et al.

In reference to claims 1, 7, 14, 17 and 20, the Office Action 
states that Sampson discloses an access authentication system for 
providing a client with a service of connection to a terminal 
server. The Office Action further states that the system 
includes a first authentication server for determining whether or 
not the client should be connected to the first terminal server, 
on the basis of personal information input by the client to the 
first terminal server. The Office Action also states that the
first authentication server creates first ticket data by
encoding a client parameter, which includes part of the personal
information, on the basis of a predetermined formula. The Office
Action further states that the access control 240 performs the
function of the authentication server by determining if the
browser is authenticated. The Office Action states that the
access control also sends the browser a cookie that is encrypted,
therefore encoded personal information using a predetermined
formula. The Office Action also states that Sampson creates a
second cookie by encoding the client parameter on the basis of a 
predetermined formula when the browser tries to connect to a new 
domain. 

The Office Action acknowledges that Sampson does not expressly 
disclose transferring the ticket to the web server, checking 
whether the ticket is used, and supplying the web server with 
information indicative of whether the second terminal server 
should be connected to the client. The Office Action further
acknowledges that, although Sampson discloses a cookie (ticket) with
user data, Sampson does not expressly disclose the data in the cookie
encoded using a summarization using a one-way function.

The Office Action states that Sasmazel discloses a system of 
transferring the eticket from server to server. The Office 
Action further states that the information in the eticket of 
Sasmazel is hashed (summarization using a one-way function) and 
encrypted (one-way function). The Office Action also states that
the eticket of Sasmazel is transferred to the second terminal 
server by the first sending it to the browser and then the 
browser sends the ticket to the web server 220 or 240. 



The Office Action states that the second authorization server
(360) performs the function of the second authentication
server of detecting whether or not the client parameter is valid and
whether or not the first ticket data has been used. The Office
Action further states that Sasmazel checks whether the user is in 
session, which is a method of checking whether the eticket has 
been used. The Office Action states that the web server is then 
supplied data indicative of whether or not the second terminal 
server should be connected to the client. The Office Action also 
states that Sasmazel stores in a file information for 
authenticating the user and therefore first ticket data. The 
Office Action further states that comparing the first and second 
ticket data includes checking the validity of the ticket. 

The Office Action states that the system of Sasmazel discloses 
the client parameter includes at least one of ID information of 
the client, an access-originator IP address and an expiration
date set for the first ticket data. The Office Action further 
states that the system of Sasmazel suggests the common character 
string is changed at a predetermined point in time. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to transfer the ticket information to the web server, 
check whether the ticket is used and supply the web server with 
information indicative of whether the second terminal server 
should be connected to the client as in the system of Sasmazel in 
the system of Sampson. The Office Action further alleges that 
one of ordinary skill in the art would have been motivated to do 
this because the ticket may be securely passed from server to 
server without the user having to re-authenticate. 



In reference to claim 6, which is rejected as in the rejection for
claim one, the Office Action further states that in addition,
Sampson discloses a system wherein the user may enter logon
information. The Office Action also states that logon
information includes an ID and a password entered by the client.
The Office Action further states that the ticket disclosed by 
Sasmazel that is transported from server to server includes an 
expiration date; and a common character string in the form of a 
public signature. The Office Action states that since the ticket 
includes ID information and the system checks whether a user is
in session. The Office Action also states that the system of 
Sasmazel therefore compares the access-originator IP address 
provided in the ticket which is sent to the second terminal 
server this would result in determining whether or not access by 
the client has been executed on or before the expiration date. 

In reference to claim 10, wherein the second authentication means 
judges validity of the first ticket data, the Office Action 
acknowledges that Sampson does not expressly disclose the second 
authentication means judges validity of the first ticket data. 

The Office Action states that Sasmazel stores in a file 
information for authenticating the user and therefore first 
ticket data. The Office Action further states that comparing the 
first and second ticket data includes checking the validity of 
the ticket. The Office Action also states that this suggests the 
second authentication means judges the validity of the first 
ticket data. 

The Office Action alleges that at the time the invention was 
made, it would have been obvious to a person of ordinary skill in 
the art to judge the validity of the first ticket data as shown 
in Sasmazel in the system of Sampson. The Office Action further 
alleges that one of ordinary skill in the art would have been
motivated to do this because checking the validity of the ticket
would expose any attempt to carry out fraud. 

In reference to claim 11, wherein the second authentication means 
judges legality of the client parameter, the Office Action states 
that since the validity of the ticket is checked it follows that 
the legality of the client parameter is checked.

Applicant maintains that the cited references do not render the 
claimed invention unpatentable. The claimed invention is 
patentable over the cited art for at least the following reasons. 

The present application relates to access authentication when 
service is provided to connect a client to a second terminal 
server via a first terminal server. In many instances, the client 
will want to obtain the benefit of services from plural terminal 
servers, since generally no single server can provide all of the 
services that the client would want. However, the client is 
typically contracted with the first terminal server for receiving 
services from the first terminal server, but is not contracted 
with the second terminal server (or additional terminal servers).
In addition, the client may not wish to connect directly to the
second terminal server for other reasons (such as convenience).
For example, in order to connect directly to a terminal server, 
the client typically is required to supply personal information, 
such as ID information and password, to the terminal server. 
Therefore, if the client seeks the services of plural terminal 
servers, it is very inconvenient for the client to connect 
directly to the plural terminal servers, each of which would 
require the client to enter the personal information.

Applicant devised improved techniques which enable a client to
obtain services from plural terminal servers, without having to
enter personal information plural times for the respective plural
terminal servers. The claimed invention of the present
application provides for authentication by transferring client
parameter and first ticket data created by a first authentication 
server (associated with the first terminal server) to a second 
authentication server (associated with the second terminal 
server). The first authorization server transfers the first
ticket data and the client parameter directly to the second
authorization server without going through the client. Based on 
the first ticket data and the client parameter, the second 
authentication server determines whether or not the second 
terminal server should be connected to the client. Thus,
assuming the first ticket data and the client parameter are 
authenticated by the second authentication server, the client can 
be connected to, and obtain the services of, the second terminal 
server via the first terminal server. 

Sampson and Sasmazel do not disclose or suggest the claimed
invention because neither reference discloses
connecting the client to the second terminal server via the first
terminal server.

Sampson, as understood by Applicant, is directed to a multi-domain
access control scheme. In the access scheme of Sampson, a
first server transmits a data token to a client which seeks to
obtain access to a resource in a second domain. The client uses
the data token to connect to a second server in the second
domain. The second server uses the data token to check that the
client is authentic and should be given access to resources in
the second domain. After issuing the data token, the first
server is not involved in the connection by the client to the
second domain.

Moreover, Sampson does not disclose or suggest that the first 
server transfers first ticket data and client parameter to the 
second server, as provided by the claimed invention of this 
application.

Sasmazel, as understood by Applicant, is directed to an eticket 
architecture for issuing authenticated electronic tickets in a 
distributed computing system and updating user authentication 
and/or authorization. As pointed out in the Office Action, when 
the eticket is created or updated in the Sasmazel eticket 
architecture by a first authentication server, the eticket is 
transferred by the first authentication server to the client 
browser, and the client browser then must send the ticket to a 
second authentication server in order to obtain the services of 
the associated second terminal server. 

Applicant does not find teaching or suggestion in Sasmazel or 
Sampson of an access authentication system or method wherein the 
client is connected to the second terminal server via the first 
terminal server. Both Sasmazel and Sampson rely on the client
to connect to the second terminal server after obtaining the data 
token or eticket from the first server. 

Therefore, Sampson and Sasmazel, considered singly or in 
combination, fail to teach or render obvious all features of the 
claimed invention.

Accordingly, Applicant respectfully requests that the Examiner 
reconsider and withdraw the rejection under 35 U.S.C. §103(a).

In view of the claim amendments and remarks hereinabove,
Applicant maintains that the application is now in condition for
allowance.

If a telephone interview would be of assistance in advancing 
prosecution of the subject application, Applicant's undersigned 
attorneys invite the Examiner to telephone them at the telephone 
number provided below. 

If a petition for an extension of time is required to make this 
response timely, this paper should be considered to be such a 
petition, and the Commissioner is authorized to charge the 
requisite fees to our Deposit Account No. 03-3125. 

No fee is deemed necessary in connection with the filing of this 
Amendment. However, if any additional fee is required,
authorization is hereby given to charge the amount of any such
fee to Deposit Account No. 03-3125. 



Respectfully submitted, 



I hereby certify that this correspondence is 
being transmitted by facsimile transmission 
and is being deposited this date with the 
U.S. Postal Service with sufficient postage 
as first class mail in an envelope addressed 
to: Mail Stop AF, Commissioner for Patents, 
P.O. Box 1450, Alexandria, VA 22313-1450. 



John P. White, Reg. No. 28,678
Paul Teng, Reg. No. 40,837
Attorneys for Applicant
Cooper & Dunham, LLP
1185 Avenue of the Americas
New York, New York 10036
(212) 278-0400 





